Sympa Privacy Policy

How we manage your privacy.

Last updated: December 2025

Sympa is built on clarity and trust. This Privacy Policy applies to all Sympa services, including www.sympa.ai (public website) and app.sympa.ai (the Sympa application). This Policy explains what information we collect, how we use it, and the choices you have. We keep things simple so you know exactly how your data is handled.

1. Quick Summary

  • We do not sell your data.
  • We do not share your data with advertisers or data brokers.
  • We do not use tracking cookies, tracking pixels, or cross-site analytics.
  • Your health and genetic information is pseudonymized and stored separately from your identity.
  • AI tools never use your data to train third party models.
  • You may request deletion of your data at any time.

2. How We Store and Protect Your Data

Sympa uses a privacy-by-design architecture:

  • Your identity information (e.g., email) is stored in one system.
  • Your health-related data (e.g., symptoms, notes, genome files) is stored in a separate system.
  • These systems are linked only through a random pseudonymous ID that is unlocked when you log in.

Sympa does not collect any health information automatically. All health-related data exists only because you chose to enter or upload it.

Sympa is not a HIPAA-covered entity, and HIPAA does not apply to the data you enter. Your information is protected by Sympa’s own privacy and security practices rather than HIPAA regulations.

Only a small number of authorized Sympa engineers have access to these systems.

3. Information We Collect

Information you provide

These are items you intentionally submit to Sympa:

  • Name and email address (for account creation and communication)
  • Contact form/email. If you contact us through email or our website contact form, any personal information you include (such as your name or email address) will be processed as part of normal support operations.
  • Support and Feedback Data. In-app support and feedback are pseudonymous and linked only to an account ID unless you voluntarily include identifying information.
  • Health-related information you enter into Sympa
  • Birth year and sex, which are collected during onboarding and used to help interpret health patterns. These values are stored as part of your health‑related data but are not stored with your personal identity.
  • Genetic or lab data you choose to upload
  • Optional notes, logs, and reflections

Information collected automatically

  • Basic technical information for security, such as IP address at login or device type. This does not include browsing history or cross-site behavior

We do not collect sensitive demographic categories (e.g., race, ethnicity, sexual orientation) unless you explicitly include them in your own notes.

To protect your privacy, please avoid entering information that could identify you—such as full names, addresses, phone numbers, employer names, or exact dates—into your health-related data. Sympa cannot automatically detect or remove identifying details you choose to include.

4. How We Use Your Information

We use your information to:

  • Provide and maintain Sympa’s features
  • Help you explore patterns in your data
  • Improve system performance, safety, and reliability
  • Communicate with you about service updates or account issues

We do not use your information for:

  • Advertising
  • Behavioral targeting
  • Data brokerage
  • Selling insights to third parties

5. AI Processing

Sympa may use automated systems—including statistical tools, correlation engines, and AI models (such as OpenAI)—to help generate summaries, identify trends, and support reflection on your data.

What is processed

  • Information you enter (notes, logs, symptoms, genetic or lab data)
  • System-generated metadata (e.g., times of entries or updates)
  • Pseudonymized identifiers used to associate your data with your account

Where processing happens

When AI providers (such as OpenAI) are used:

  • Only the specific information needed for that request is sent
  • Data is pseudonymized where possible
  • AI providers will not use your data to train their own models.

How insights are generated

Insights may come from:

  • Pattern detection
  • Statistical associations
  • Sympa’s internal logic and models
  • AI-generated summaries or reflections

These techniques may operate in the background. They are designed to help you understand your own data, not to make decisions on your behalf.

Limitations

  • Automated insights may contain errors, omissions, or outdated information
  • They may not apply to every user or situation
  • They should be interpreted as informational tools, not clinical guidance

Sympa does not use automated decision-making that produces legal or similarly significant effects on users.

6. Cookies and Analytics

  • Sympa does not use cookies for tracking, advertising, or personalization.
  • Sympa does not use cross-site trackers or marketing pixels.
  • We use PostHog analytics in privacy-preserving mode (no cookies, no cross-site tracking, no unique identifiers).

7. When We Share Data

Sympa shares data only with trusted service providers, and only for essential operations:

  • Cloud hosting providers
  • Database infrastructure
  • AI inference providers (e.g., OpenAI)

These providers may process data on our behalf but cannot use it for their own purposes. This includes analytics providers such as PostHog, who process anonymized usage metrics on our behalf.

We do not share data with advertisers, business partners, data brokers, or social platforms.

8. Data Retention and Deletion

You may delete your account at any time:

  • Personal identifiers are removed from active systems within 30 days.
  • Health and genetic data is deleted or de-identified. If any information remains in encrypted backups, it is isolated from active systems and deleted automatically when the backup expires.
  • Sympa may retain fully de-identified, aggregated data for research and platform improvement.

9. Your Rights

Depending on your location, you may have rights to:

  • Access your data
  • Correct or update your data
  • Request deletion
  • Export a machine-readable copy
  • Withdraw consent for processing

To exercise any of these rights, contact privacy@sympa.ai.

10. Children’s Privacy

Sympa is intended for users 18 years or older. Caregivers or legal guardians may use Sympa on behalf of someone under 18. We do not knowingly collect data directly from children.

11. International Users

All data is stored and processed in the United States. By using Sympa, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time as Sympa evolves or as laws change. When we do, we will update the revision date at the top of this document.

13. Contact Us

If you have questions about this policy or your data, contact:

Sympa

817 Pacific Ave

Bremerton, WA 98337

United States

privacy@sympa.ai

Back to Home